I think the answer is correct. Key is port 3389 from the internet for both VMs. If we want to connect to two different machines on the same port we need to have two different frontend IPs for the port forwarding.

This does not make sense. On existing LB, you can create NAT rule right away. The frontend IP address is already there. Imho maybe B is right, you need to set the load balancing rule for port 3389.

Since back-end pool, health probe and load balancing rule already are created, only public IP is missing.

Again... dont understand the debate. The question reads... "What should you create on LB1 BEFORE you can create the new inbound NAT rules?" So I am not sure how people think they answer is B. Do they think that before they can create the rule they have to great the rule? It can have multiple front end IPs. https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-multivip-overview

https://learn.microsoft.com/en-us/azure/load-balancer/manage-inbound-nat-rules?tabs=inbound-nat-rule-portal#add-a-single-vm-inbound-nat-rule Given the need to establish a point of contact for inbound network connectivity, the correct answer is A. a frontend IP address. This is essential as it serves as the entry point for traffic, which is then directed to the appropriate resources using NAT rules.

this question is poorly formulated, you've already got all of the 4 possible answers within the LB itself. why would you need a second public ip address? this question is weird

You can use the same IP Adress with different frontend ports IP1:3800 -> vm1:3389 IP1:3801 -> vm2:3389 The frontend port doesn't have to be Port 3389. The Frontend and Backend Ports doesn't have to be the same.

the question does not really make sense: you don't need a load balancing rule, a health probe or a backend pool for single VM inbound NAT rule and there should already be a public IP you can use. e.g. you create 2x NAT rules: <pip>:3391 -> VM1:3389 and <pip>:3392 -> VM2:3389 but yeah, if you want <pip>:3389 then you need additional public IPs.... Source: https://learn.microsoft.com/en-us/azure/load-balancer/manage-inbound-nat-rules?tabs=inbound-nat-rule-portal#add-a-single-vm-inbound-nat-rule

The whole point of NAT rules is that can access a specific port on the VM using any random port number you define in NAT rules. You can RDP to port 3389 using something like 132.25.32.125:9999 because NAT will translate the incoming port 9999 to 3389. What you really need is a public IP Address, without which it is not possible to RDP in the VM from Internet.

An inbound NAT rule forwards incoming traffic sent to frontend IP address and port combination. The traffic is sent to a specific virtual machine or instance in the backend pool. Port forwarding is done by the same hash-based distribution as load balancing. https://learn.microsoft.com/en-us/azure/load-balancer/components

We want to use NAT why we need LB rule? Confusing

I believe the answer is Option A. NAT rule must be explicitly attached to a VM (or network interface) to complete the path to the target; whereas Load Balancing rule need not be. In the latter case, a VM is selected (from the back-end address pool or VMs) to complete the path to the target.

Frontend IP Address

Answer is B Tested. You can use the same public ip with 2 rules balancing different ports for the same backend pool.

OpenAI "Before creating the new inbound NAT rules, you need to create a frontend IP address on LB1. The frontend IP address will be used to map the incoming traffic to the backend pool and backend VMs. Once you have created the frontend IP address, you can then create the new inbound NAT rules for port 3389 to provide Remote Desktop access to VM1 and VM2 from the internet. So the correct answer is A. a frontend IP address."

90% sure

Weird question. What is the topic exactly willing to ask? Access RDP via LB? Attach LB a Public IP first? Whats is the point???